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(§4) Voice password-controlled computer security system. 



@ A voice password-controlled computer sec- 
urity system and method of operation for query- 
ing a user to provide voice password 
information and, upon a match thereof with 
stored voice Information for the user, initiating 
a data connection to a preasslgned terminal 
associated with the Identified user. 
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Technical Field 

This invention relates to computer system sec- 
urity and, in particular, to voice password-controlled 
computer systems. s 

Background of the Invention 

In many industries, computers are relied upon to 
store and process highly sensitive information. The 10 
banking industry uses computers to control fund 
transfers and the dispensing of cash at automated tel- 
ler machines. The telecommunication industry uses 
computers to establish call connections around the 
globe as well as to process associated billing infor- is 
mation. Other industries control inventory, generate 
bills, and control medical instruments all through the 
use of computers. Naturally, such computers are Invit- 
ing targets to interlopers - both the professional var- 
iety who seeks access for profit and the so-called 20 
"hacker* who purportedly seeks access for fun and 
glory. 

Typically, security in computer systems has been 
instituted through the use of preassigned passwords. 
In response to a computer query, a user who supplies 25 
the correct password is given access to the computer 
system, while one who fails to provide the password 
is not afforded such access. The use of passwords is 
generally effective, yet is often easily defeated mainly 
due to human failings. Users, to avoid forgetting their 30 
password, sometimes write it down in a convenient 
place - like on the back of their automatic teller card 
or on the terminal itself. Moreover, they often select 
passwords that are equally obvious: their first or last 
name, their social security number, their children's 35 
name, their home address or their telephone number. 
Moreover, certain operating systems provide stan- 
dard passwords (e.g., "install") which should be 
changed by the System Administrator during the initial 
Installation of the computer system. However, many 40 
Systems Administrators fail to change these standard 
passwords leaving their systems particularly vulner- 
able. In short, the security of password-controlled sys- 
tems is often breached because interlopers find 
passwords or are able to quickly guess passwords 45 
with a few intelligent choices. 

To help overcome these problems, security in 
password controlled systems have been augmented 
by a user-controlled calculatorlike device, adapted to 
execute a secret encryption algorithm. After the com- so 
puter receives a valid password, it sends a number to 
the terminal of the user. The user then manually 
enters this number into the calculator. The calculator 
then automatically executes the secret algorithm to 
generate an output number. The user enters the out- 55 
put number and the computer compares this number 
with a similar number it generates internally using the 
same algorithm. A match Indicates that the user pos- 



sesses this unique encryption calculator and access 
to the computer is provided. This system is highly 
effective, except obviously where the intruder has 
both the password and the calculator. 

Security problems are compounded where com- 
puters are networked together. Access to the network 
itself affords a user the ability to potentially gain 
access to not just one computer, but often tens or hun- 
dreds of computers. To prevent unauthorized users 
from using the network, access to the network is only 
provided to users with an additional password called 
a network security password. This password often 
comprises randomly chosen numbers and letters, and 
is changed frequently, such as monthly. Upon entry of 
the correct network password, the user is asked to 
identity the computer to be accessed and then has to 
proceed through the normal login and password pro- 
cedure before getting access to resources in the iden- 
tified computer 

The basic problem with all these security sys- 
tems, however, is that they allow access by a user 
without ascertaining his or her true identity - i.e., with- 
out establishing some personal uniqueness, such as 
through fingerprints, DNA criteria or, as in my inven- 
tion, voice characterisrics. 

Summary of the Invention 

The foregoing problem is solved by a voice pass- 
word-controlled security system. In response to the 
initiation of a voice connection, a computer queries 
the user for identification information and, upon ascer- 
taining its validity, queries the user to repeat a selec- 
ted series of digits or a phrase consisting of a group 
of words. The computer then compares the voice 
Information received over the voice line with pre-sto- 
red voice information associated with an authorized 
user. If and only if a voice match occurs verifying the 
identity of the user, the computer initiates the estab- 
lishment of a data connection to a terminal associated 
with the identified user. 

Due to the high reliability of the voice verification 
system, intruders, even those with password infor- 
mation and who mimic the user's voice, will usually be 
precluded access to the computer. A voice verification 
system is adapted to indicate who spoke in contrast 
to a speech "recognizer* which Ideally indicates what 
was spoken. Significantly, my verification system is 
effective yet places no additional burdens on the user, 
such as memorizing additional codes or carrying 
encryption devices. 

In accordance with an embodiment of the inven- 
tion, a voice password-controlled computer system, 
responsive to a telephone call established thereto - 
which advantageously may Include the use of a toll- 
tree number, first queries a user to provide unique 
Identification Information such as a payroll account 
number orasocial security number. This Identification 
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information may either be provided verbally by the 
user and "recognized" by the system or input by the 
user using a touch-tone pad associated with the tele- 
phone. If the received identification matches that of an 
authorized user of the computer system, the system s 
verbally requests the user to repeat a series of ran- 
domly selected digits, such as "one" "seven" "five" 
"one". Using a voice verification technique, the com- 
puter matches received voice Information with pre- 
stored voice information for the authorized user and 10 
generates a confidence recognition factor indicating 
how closely the received voice matches the stored 
voice of the authorized user. If the factor exceeds a 
preset threshold, the user Is advised that access will 
be granted, the voice line is then disconnected, and 15 
the computer initiates (or for a networked system 
causes a computer associated with the user to 
Initiate) a data connection to a prestored number of a 
terminal associated with the authorized user. The 
user then uses the terminal to access the computer 20 
over the data connection upon successful completion 
of an additional login and password procedure. 

Thus, In accordance with a feature of the inven- 
tion, a data connection is established only after the 
user is uniquely identified by voice verification, and 25 
the data connection is established only to a prestored 
destination terminal associated with the Identified 
user. 

In accordance with another feature of the Inven- 
tion, the digits or words are chosen at random to pre- 30 
vent an Intruder from merely tape recording a prior 
voice session and playing it back over the voice line 
to deceive the computer. 

Brief Description of the Drawing 35 

FIG. 1 illustrates In block diagram form, a voice 
password-controlled computer security system 
embodying the principles of the instant invention. 

FIG. 2 sets forth in greater detail the voice 40 
apparatus and programmed processor shown In FIG. 
1. 

FIGS. 3 and 4 illustrate flow charts of the oper- 
ation of the system shown in FIG. 1 in accordance with 
the principles of the invention. 45 

FIG. 5 sets forth an illustrative section of the data 
base stored in the memory of the program processor 
shown in FIG. 2. 

Detailed Description so 

In accordance with the illustrative embodiment of 
this Invention, a user at telephone 13 in FIG. 1 who 
wishes to use terminal 11 to gain access to a com- 
puter, such as HXXBA, must first establish a voice 65 
connection to programmed proessor 12. Advan- 
tageously, for a large system serving hundreds of 
users, processor 12 can be reachable using a toll-free 



number. Thus, after dialing the toll-free number iden- 
tifying processor 12, a voice telephone connection Is 
established in the usual manner from telephone 13 to 
processor 12 via telephone central office switches 15 
and 17. Box 18 in FIG. 1, designated "toll-free ser- 
vice", is representative of the data base used in the 
provision of toll-free service and, although involved In 
the initial table look-up of the actual called number, 
plays no role beyond that after the voice connection 
has been established. 

Processor 12 is adapted to confirm the identity of 
a user using voice verification techniques and may be 
any type of general purpose computer comprising 
memory, a central processing unit and communi- 
cation ports through which data connections may be 
established. In this Illustrative embodiment, pro- 
cessor 12 Is a 3B2-1000 computer manufactured by 
AT&T and running the UNIX™ operarlng system. 

As shown in FIG. 1, processor 12 is networked, 
via a well-known commercially available, local/wide 
area DATAKIT™ network, to a plurality of other com- 
puters of which MXBAU, HXXBY, and HXXBA are 
representative. These computers can collectively 
serve hundreds of users. I contemplate that access to 
these computers from virtually all remote terminals 
would first require voice confirmation which is advan- 
tageously centralized at processor 12. Processor 12 
will store voice verification Information for the users of 
the networked computer system. Because of this cen- 
tralization, logins for users can be switched from one 
computer to another in the system without the need to 
provide new voice samples. 

More specifically, after establishment of the voice 
connection from telephone 13, processor 12 first 
queries the user to provide unique Identification infor- 
mation such as a company payroll number. This num- 
ber If spoken Into the telephone by the user will be 
detected and converted to the proper format by voice 
apparatus 14 and conveyed to processor 12. Since 
some accents and speech patterns present formid- 
able problems for presently available speech recog- 
nition technology, tone receiver 16, wired in parallel 
with voice apparatus 14, is also provided to receive 
the payroll number. Thus, If the number is entered 
using telephone 13's generating pad, it will be detec- 
ted by tone receiver 16 and the received numbers 
conveyed to processor 12. Processor 12 then con- 
sults prestored payroll number information to deter- 
mine whether or not the entered number matches that 
of an authorized user. If so, processor 12 generates 
a 4-diglt random number (e.g., 5772) and controls 
voice apparatus 14 to request the user to repeat the 
4-digit number into the user telephone 13 (e.g., "After 
the tone, please speak the following numbers in sequ- 
ence: five, seven, seven, two"). 

Processor 12 then compares the speech 
embodied In the received 4-diglt number with the 
user's stored reference speech for the 4-diglt number. 
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A confidence verification factor Indicating the close- 
ness of the match of the received speech patterns 
with the stored reference patterns is assigned to the 
received speech. This factor Is then compared with a 
pre-determined threshold value established to identify s 
valid "voice passwords." If the confidence verification 
factor is greater than the threshold value, processor 
12 then uses voice apparatus 14 to apprise the user 
that access will be granted and to prepare his or her 
terminal to receive a call back data call from computer w 
HXXBA (I.e., "Access granted, please turn on your ter- 
minal to receive callback"). The voice connection to 
telephone 13 is then dropped since it fs no longer 
needed. 

Once the identity of the user is confirmed by voice 15 
verification, processor 12 utilizes the DATAKIT net- 
work to apprise a computer, here HXXBA, associated 
with the identified user to establish a data call from the 
computer to user terminal 1 1 via the DATAKIT net- 
work and the telephone network. User terminal 11, 20 
which is depicted as a personal computer, is rep- 
resentative of any peripheral device with a video dis- 
play, such as a terminal. Computer HXXBA, in 
response to the initiation of a bidirectional data con- 
nection to terminal 1 1 , provides a "LOGIN" prompt to 25 
the user at the terminal. The user then enters his or 
her login which identifies the user, and computer 
HXXBA then prompts the user to enter a 
"PASSWORD*. A match of the login and password 
will result In the user at terminal 11 being afforded 30 
access to resources in computer HXXBA. 

Although the voice connection from control once 
switch 15 to user telephone 13 is shown as a distinct 
physical path from the data connection to user termi- 
nal 1 1 , it need not be physically separate. Using pre- 35 
sent ISDN technology, the voice connection and the 
data connection from switch 1 5 can be over the same 
physical medium. 

The operation of the illustrative embodiment 
shown in FIG. 1 will now be described In greater detail 40 
with reference to the flow diagram of FIGS. 3 and 4 
and the illustrative data shown in FIG. 5. We will 
assume that the user associated with payroll number 
123-45-6789 in FIG. 5 is at user terminal 1 1 in FIG. 1 
and wishes to access computer HXXBA. The user, 45 
upon receipt of a dial tone attelephone 13, dials a toll* 
free number associated with processor 12. Telephone 
central office switch 15 receives the dialed digits and 
routes the call to toll-free service box 18. The actual 
called number associated with the dialed toll-free so 
number fs ascertained and then the call is routed 
directly from telephone central office switch 15 in the 
normal manner to telephone central office switch 17, 
which services processor 12. Upon detection of the 
initiation of a call thereto, processor 12 queries the 55 
user, via voice apparatus 14 shown In greater detail 
in FIG. 2, to enter a payroll number (step 31, FIG. 3). 

Voice apparatus 14 comprises voice response 



unit 22 and digit recognizer 23 - both interconnected 
by bus 21 and controlled by processor 12. To provide 
speech output, processor 12 provides stored text in a 
digital format to voice response unit 22, which using 
a digital to analog converter generates speech. Typi- 
cally, phrases such as "access granted ... ", "nine", 
"after the tone ...", are stored in data storage device 
24 in a digital format as shown in table 63 in FIG. 5. 
Processor 12 generates and provides speech to a 
user by providing such digital information over bus 21 
to voice response unit 22, and controlling unit 22 to 
output the speech over the voice connection shown in 
FIG. 2. 

More specifically, processor 112 retrieves from 
data storage 24 the digital equivalent of the phrase 
"after the tone, please enter your payroll number" 
shown in text storage 63 in FIG. 5. Voice response 
unit 22 in FIG. 2 converts the digital information to 
voice and conveys it over the voice connection to tele- 
phone 13. The user then can enter his or her payroll 
number using the touch tone pad at telephone 13. 
Entered digits will be detected by touch tone receiver 
16 and provided to processor 12. 

Alternatively, the user can speak the digits com- 
prising the payroll number. Digits spoken by a user 
are detected by digit recognizer 23, which includes an 
analog to digital converter for conveying the digital 
information, upon request to processor 12 via bus 21. 
Digit recognizer 23 in conjunction with processor 12 
should, for most people, be able to decipher the spo- 
ken digits. Thus, upon receipt of the digital infor- 
mation, processor 12 attempts to ascertain the 
spoken digits using well known voice verification 
techniques and, upon ascertaining same (or receiving 
the digits from touch-tone receiver 16), processor 12 
performs a simple table look-up function to determine 
if the received number matches the payroll number of 
an authorized user of the computer system (step 33, 
FIG. 3). Here, the digits entered by the user, namely 
123456789, match the same number stored In payroll 
number storage area 61 In FIG. 5. 

Processor 12 randomly generates a 4-dlgit num- 
ber (step 41, FIG. 4) and retrieves from data storage 
24 the four corresponding stored reference speech 
digits for the user. If the random number were "9102", 
processor 12 would retrieve from table 62 in FIG. 6 for 
user 123-45-6789, the digital information correspond- 
ing to "NINE " "ONE" ZERO" and TWO". Processor 
12 also retrieves binary information from table 63 rep- 
resenting the phrase "After the tone, please speak the 
following number in sequence:" and routes it over bus 
21 to voice response unit 22, which converts the 
binary information to speech. The binary information 
representing each of the four digits of the randomly 
chosen number "9102" is also retrieved from table 63 
and conveyed In the proper sequence over bus 21 to 
unit 22 where It Is also converted to speech. Thus user 
123-45-6789 (step 42, FIG. 4) Is asked over the voice 
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connection in FIG. 1 to repeat the digits "91 02* into 
user telephone 13. 

User 123-46-6789 then repeats the digits "9102" 
Into telephone 1 3 for conveyance over the voice con- 
nection. Digit recognizer 23 in FIG. 2 digitizes the 5 
speech (step 43) and conveys the received speech to 
processor 12. Processor 12 utilizing a well-known pro- 
cess, uses energy contours of the received speech to 
identify end points of each number, forms test pat- 
terns of frames consisting of cepstral co-efficients and 10 
speech energy. A dynamic time warp (DTW) pro- 
cedure then calculates the distance between the 
referenced speech pattern for user 12^45-6789, 
which was retrieved previously, and the received test 
pattern and assigns a confidence recognition value is 
thereto. If the calculated value is greater than a pre- 
set threshold (step 44), processor 12 retrieves the 
phrase "access granted; please turn on your terminal 
to receive call-back'* from table 63 in FIG. 5, and trans- 
mits it via voice response unit 22 to user telephone 13 20 
(step 45). The voice connection is then dropped (step 
46, FIG. 4). 

Processor 12 utilizes payroll number storage 
table 61 in FIG. 5 to ascertain that user 123-45-6789 
is associated with computer HXXBA and a terminal 25 
with telephone number 201-555-1212. Processor 12 
then sends a message to computer HXXBA via the 
DATAKIT network to initiate a data call to the iden- 
tified telephone number (step 47, FIG. 4). This call is 
then instituted either over a phone line connected 30 
directly to the computer (not shown) or using a 
DATAKiT node in the normal manner (step 48, FIG. 
4). Thus, node 19 In FIG. 1, upon receipt of dial tone 
from telephone switch 15, dials the number 201-555- 
1212 and is connected to user terminal 11. The user 35 
then logs Into computer HXXBA by responding to the 
login and password prompts (step 49, FIG. 4). 

Although the instant embodiment has been des- 
cribed in terms of a randomly selected 4-digit number, 
the voice-password security system works well with 40 
non-numeric phrases. The user reference voice stor- 
age 62 in FIG. 5 could, for example, comprise a series 
of commonly used phrases such as "the" "rain" "in" 
"Spain - "falls" "mainly" "on" "the" "plain" and "now" "is" 
"the" "time" "for" "all" "good" "men" "to" "come" "to" 45 
"the" "aid" "of "'their - "party". With this vocabulary, the 
computer could query a user to repeat one of the fol- 
lowing phrases: 

The time for Spain is now" or "The men come to the 
party in Spain" or "rain, men, Party." so 

It is obvious from the foregoing that the security 
of a computer system may be substantially enhanced 
by the described voice password system. While the 
Instant invention has been disclosed with respect to a 
general purpose computer, it should be understood 55 
that such an embodiment Is Intended to be Illustrative 
of the principles of the Invention and that numerous 
other arrangements, such as a computer system dedi- 



cated to a specific use (e.g., automated teller machine 
functions) may be devised by those skilled In the art 
without departing from the spirit and scope of the 
invention. 



Claims 

1. A method for controlling access to a resource in 
response to a request by a person requesting 
such access comprising 

comparing identity information provided by 
said person with stored Identity information 
associated with one or more authorized users, 

CHARACTERIZED IN THAT 

said identity information comprises infor- 
mation characteristic of said one or more 
authorized users* speech, and 

said method further comprises 

prompting said person requesting access 
to utter a series of sounds, 

comparing sounds received from said per- 
son with said stored speech information related to 
said series of sounds, and 

granting access to said resource by said 
person requesting access if said comparing Indi- 
cates a predetermined degree of similarity. 

2. The method of claim 1 

CHARACTERIZED IN THAT 
said resource is a computer, 

and 

said granting comprises signaling said 
computer to grant access. 

3. The method of claim 1 further 

CHARACTERIZED IN THAT 
said prompting comprises prompting the 
prospective user to utter a series of words. 

4. The method of claim 3 

CHARACTERIZED IN THAT 
said series of words Is a series of randomly 
selected words. 

5. The method of claim 2 further 

CHARACTERIZED IN THAT 

said request originates from a location 
associated with an authorized user, said location 
having a communication path from a computer 
terminal associated with an authorized user to 
said computer, 

said stored identity information further 
comprises Information identifying said computer 
terminal, and 

said granting further comprises establish- 
ing an operative connection over said communi- 
cation path connecting said computer to said 
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terminal. 

6. The method of claim 1 

CHARACTERIZED IN THAT 

said stored Identify information for 
authorized users comprises identification indicia 
other than said speech information, 

said prompting is performed in response to 
said identification indicia, and 

said comparing is accomplished with res- 
pect to stored speech Information associated with 
an authorized user having said identification indi- 
cia provided in said request 
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FIG. 3 
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